Update luks_unlock() to accept a binary passphrase, to match the LUKS2 implementation. Co-developed-by: Claude <noreply@anthropic.com> Signed-off-by: Simon Glass <simon.glass@canonical.com> --- cmd/luks.c | 4 ++-- drivers/block/luks.c | 14 +++++++------- include/luks.h | 4 +++- test/boot/luks.c | 4 ++-- 4 files changed, 14 insertions(+), 12 deletions(-) diff --git a/cmd/luks.c b/cmd/luks.c index c1e8035e685..defd987776d 100644 --- a/cmd/luks.c +++ b/cmd/luks.c @@ -88,8 +88,8 @@ static int do_luks_unlock(struct cmd_tbl *cmdtp, int flag, int argc, printf("Unlocking LUKS%d partition...\n", version); /* Unlock the partition to get the master key */ - ret = luks_unlock(dev_desc->bdev, &info, passphrase, master_key, - &key_size); + ret = luks_unlock(dev_desc->bdev, &info, (const u8 *)passphrase, + strlen(passphrase), master_key, &key_size); if (ret) { printf("Failed to unlock LUKS partition (err %dE)\n", ret); return CMD_RET_FAILURE; diff --git a/drivers/block/luks.c b/drivers/block/luks.c index 93b50dd105a..96180d39b4e 100644 --- a/drivers/block/luks.c +++ b/drivers/block/luks.c @@ -415,7 +415,8 @@ static int try_keyslot(struct udevice *blk, struct disk_partition *pinfo, } int luks_unlock(struct udevice *blk, struct disk_partition *pinfo, - const char *pass, u8 *master_key, u32 *key_size) + const u8 *pass, size_t pass_len, u8 *master_key, + u32 *key_size) { uint version, split_key_size, km_blocks, hdr_blocks; u8 *split_key, *derived_key; @@ -452,8 +453,8 @@ int luks_unlock(struct udevice *blk, struct disk_partition *pinfo, version = be16_to_cpu(*(__be16 *)(buffer + LUKS_MAGIC_LEN)); if (version == LUKS_VERSION_2) - return unlock_luks2(blk, pinfo, (const u8 *)pass, strlen(pass), - master_key, key_size); + return unlock_luks2(blk, pinfo, pass, pass_len, master_key, + key_size); if (version != LUKS_VERSION_1) { log_debug("unsupported LUKS version %d\n", version); @@ -516,10 +517,9 @@ int luks_unlock(struct udevice *blk, struct disk_partition *pinfo, /* Try each key slot */ for (i = 0; i < LUKS_NUMKEYS; i++) { - ret = try_keyslot(blk, pinfo, hdr, i, (const u8 *)pass, - strlen(pass), md_type, *key_size, - derived_key, km, km_blocks, split_key, - candidate_key); + ret = try_keyslot(blk, pinfo, hdr, i, pass, pass_len, md_type, + *key_size, derived_key, km, km_blocks, + split_key, candidate_key); if (!ret) { /* Successfully unlocked */ diff --git a/include/luks.h b/include/luks.h index 6c39db7a2d2..8826fa96507 100644 --- a/include/luks.h +++ b/include/luks.h @@ -146,6 +146,7 @@ int luks_show_info(struct udevice *blk, struct disk_partition *pinfo); * @blk: Block device * @pinfo: Partition information * @pass: Passphrase to unlock the partition + * @pass_len: Length of the passphrase in bytes * @master_key: Buffer to receive the decrypted master key * @key_size: Size of the master_key buffer * Return: 0 on success, @@ -157,7 +158,8 @@ int luks_show_info(struct udevice *blk, struct disk_partition *pinfo); * -EIO if failed to read from block device */ int luks_unlock(struct udevice *blk, struct disk_partition *pinfo, - const char *pass, u8 *master_key, u32 *key_size); + const u8 *pass, size_t pass_len, u8 *master_key, + u32 *key_size); /** * luks_create_blkmap() - Create a blkmap device for a LUKS partition diff --git a/test/boot/luks.c b/test/boot/luks.c index 6bf613f3b08..93cc8ce6681 100644 --- a/test/boot/luks.c +++ b/test/boot/luks.c @@ -274,8 +274,8 @@ static int bootstd_test_luks2_unlock(struct unit_test_state *uts) /* Test that unlock fails for partition 1 (not LUKS) */ ut_assertok(part_get_info(desc, 1, &info)); - ut_asserteq(-ENOENT, luks_unlock(desc->bdev, &info, "test", master_key, - &key_size)); + ut_asserteq(-ENOENT, luks_unlock(desc->bdev, &info, (const u8 *)"test", + 4, master_key, &key_size)); /* Test unlocking partition 2 with correct passphrase */ ut_assertok(run_command("luks unlock mmc c:2 test", 0)); -- 2.43.0